Trying to restore sanity on my /home directory

A

alex11

Hi, so in moving from Debian to FreeBSD, I accidentally copied my stuff in grsync using the wrong permissions, and now i have a bunch of rwxrwxrwx; as far as I understand 644 is a good mode to set most things to, so I guess my question is a) Am I correct in that assumption (I'll set my ssh private key to 600 though) or should I do things differently and b) Can I automate it so I don't have to go into every subdirectory and set the mode that way for every file?
 
The man page for chmod and chown contain descriptions on how to apply them recursively.

Sorry for tthis style, it's barely sun-up and no coffee here.
 
I recommend you use relative, rather than absolute permissions. Start with chmod -r o-w . (remove write permission from others recursively.)
 
alex11 said:
Can I automate it so I don't have to go into every subdirectory and set the mode that way for every file?
Click to expand...
Directories would need 755 permissions, files 644.

find /home/<username> -type d -exec chmod 755 {} \;
find /home/<username> -type f -exec chmod 644 {} \;
After that you'll need to change a few files and directories, like your SSH keys, manually but this will set the bulk correctly.
 
SirDice that will spawn one sup-process per entry found. If the command can take multiple arguments, you may use find /home/foo -type f|xargs chmod o-r
 
Yeah, it's not the fastest way to do it. But it is the most clear to understand what it does. Piping the output through xargs(1) definitely improves the performance, but you can run into problems if there are a lot of files. You'll run into a dreaded "argument line too long" error. There are ways around that too, by doing it in "batches" of 10, 20 or so files, but it's not going to make the one-liner easier to understand ;)
 
And don't forget: If your files names have blanks or other special characters in them, then "find ... | xargs ..." will fail. In that case, terminate with zero: "find ... -print0 | xargs -0 ...".

For the OP, another few things: Is this a single-user computer, which has only two accounts in real use (the user and root)? In that case, the permissions for "group" and "other" don't actually matter, and 666=rw-rw-rw- for files and 777=rwxrwxrwx for directories is not a bad thing. But 644=rw-r--r-- and 755=rwxr-xr-w are much more common and reasonable for multi-user computers; depending on your expectation of privacy, 640=rw-r----- and 750=rwxr-x--- might be better. And also remember: If you have any executable files (compiled programs, scripts) in your home directory, they should be marked executable.
 
I would start like this:
Code: 
cd
find . -type d -print0 | xargs -0 chmod 0700
find . -type f -print0 | xargs -0 chmod 0600
There’s rarely a reason to have things in your home directory world-readable. That’s why my umask is 077 by default (022 when I switch to root).

PS: If you use zsh and have the zargs function loaded (autoload zargs), the above can be done with less typing:
Code: 
zargs **/*(/) -- chmod 0700
zargs **/*(.) -- chmod 0600
Explanation: The zsh wildcard ** works like *, but recursively, i.e. it searches all subdirectories. The modifier (/) expands only directory names, and (.) expands only plain file names. The zargs function works like the xargs command, but file names are not read from standard input but from the command line, so you don’t have to use find(1) (therefore -- must be used to separate them from the command to execute).
 
If your permissions are already correct on Linux, you may just want to rsync your files again, data will not be copied, but permissions will be fixed.

Be aware that UIDs under FreeBSD start at 1001 by default and at 1000 under Linux (and most other OS, including in the BSD family).
You should fix that first.

Finally, under FreeBSD, /home is a symlink to /usr/home and this will mess up many applications that "canonify" paths in their configuration files.
You may also want fix that if you want your FreeBSD machine to interoperate nicely with Linux machines.
 
You must log in or register to reply here.
Back
Top